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SEC JRE NETWORK BROWSJNG 



Web browsers present a local security and privacy risk on a PC 

• URLs, passwords, cookies, cached web pages and other information is stored on 
the PC's hard disk 

• Not possible to turn off every data gathering option 

• Internet Explorer insists on at least a 1MB web page cache 
- Extremely difficult to permanently delete everything 

• Magnetic 'impression' [eft on the hard disk 

• Windows/Internet Explorer locks some files preventing deletion at all! 

Consider accessing personal information (online banking, web mail etc) at: 
» Internet cafes 

• Hot desking/shared PCs 

• Libraries 

• Universities 

» Hotel/Conference business facilities 

Lack of administrator privileges compounds the problem of securely configuring the 
brow ser and 'tidying up' after yourself or installing new, more secure software. 

Data is left on a public PC that could be used to steal money or private information from 
the original user. 



Consider the following example scenario: 



1 ) User A enters an Internet Cafe and is allocated a PC to use. 

2) User A wants to buy a book from Amazon.com so the user types 
http://www.amazon.com into the web browser. 

3) The web browser retrieves the web page. The URL (Le. http://www.amazon.corn) is 
stored to hard disk as is the web page. 

4) User A types in their usemame and password to access their account The web 
browser stores this information. 

5) User A chooses a book and goes to the check out page. They type in thefr credit 
card details and click finish. The credit card details are also stored by the web 
browser. 

6} User A finishes their web browsing and leaves the Internet Cafe. 

7) User B enters the Internet Cafe and is allocated the same PC- 

8) Browsing the harddisk they find all of the information stored by User A. 

User B logs onto Amazon as User A* changes the home delivery address and uses 
the same credit card details to order 1 00 books. 

The e are products available (for Internet Explorer only) that can be installed on a PC to 
delete files after Internet Explorer has created them. However, this requires the ability to 

install new software and a reboot to remove all files. This is simply not possible on a 

public PC to install new software. 

Alternatively, the browser manufactures may choose to increase the functionality of their 
web browsers to address this issue. However, this still requires the new web browser to 
be installed and correctly configured on the public PC. The proposed solution removes 
any reliance on any supposed client side secure configuration by the system 
administrator. 
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A variation on this is a method whereby the web server can negotiate with the web . 
browser for secure local environment. However this still has a flaw in requiring trust of the 
valid ty and configuration of the locally installed web browser. 

Typically Internet secure solutions are concerned with the link between the client and the 
server. This solution addresses security on the client itself. 

A user may not be able to download new application software on a public terminal. 
Therefore any solution must be operable within the confines of software already installed 
on that terminal i.e. a web browser with a Java environment (Java/browser installation 
penetration is in the 99.9+ range). 

In an embodiment of the present invention, the user browses to a web page and 
downloads a new Java applet. This applet is in itself a new web browser. However, it has 
beer written from a secure aspect with no physical disk storage required, no logging of 
data or other traces (eft- The user then can interact with this browser within a browser with 
the !• nowledge no residue is left on the public terminal. 

For example: 

1 ) User A enters an Internet Cafe and is allocated a PC to use. 

2) User A visit a web site where they can download a Java web browser applet For 
example, they type http://www.javabrowser^com into the web browser (e.g. Internet 
Explorer). This URL is stored by the web browser. 

3) Internet Explorer downloads the Java web browser applet and runs it, displaying the 
browser applet within the main Internet Explorer window. This applet is stored to 
hard disk by Internet Explorer. 

4) User A wants to buy a book from Amazon.com so the user types 
http://www.ama20n.com into the Java web browser. 

5) The Java web browser retrieves the web page. The URL (i.e. 
http://www.amazon.com) is not stored. 

6) User A types in their usemame and password to access their account This 
information is not stored 

7) User A chooses a book and goes to the check out page. They type in their credit 
card details and click finish. The credit card details are not stored. 

8) User A finishes their web browsing and leaves the Internet Cafe. 

9) User B enters the Internet Cafe and is allocated the same PC 

10 1 Browsing the harddisk they find all of the information stored by User A. 

Use- B finds user A visited http^www.javabrowser.com and downloaded a Java web 
browser applet. This is the only Information they can find. 

The ability to download and use a trusted web browser in an untrusted environment and 
preserve the security of the downloaded browser is advantageous. 

Conceptually, this screen mock up illustrated in figure 1 shows what a Java web browser 
within the standard Internet Explorer could look like: 
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Due to the security environment of Java applets they can onfy communicate back to web 
server they were download from. Therefore to enable Internet wide access the web server 
mus also be a web proxy server* Alter natively, the browser may be downloaded from a 
single site such as an Internet bank and only communication With that bank's weis site 
possible. To prevent the need to download the browser multiple times every time a new 
site is visited there could be a core web browser that is download from one site and 
Internet enabling plugins for other sites. The use of a proxy will also allow other traffic than 
web to be accessible from within the main browser. 

To n minimise download time in general this modular approach could also be used to only 
download the web browser components as they are required. For example, only download 
a plug in to render a .GIF format image when one is encountered. 

The applet must follow good practice for security software* Volatile memory can still be 
interrogated. Therefore the applet should not store data longer than necessary and 
destroy it by overwriting it rather than simply returning it to the system pool. If necessary 
all ether data could be stored in encrypted format in RAM. As part of the download 
procedure or to verify the integrity of a previously installed web browser applet stiit pn the 
public terminal there can also be a mechanism of performing a check using a standard 
method such as a CRC or hash test. 

Software exists to monitor key strokes. If this has been installed on a public terminal a 
usei 's password or other details could be found. However, now that there is secure control 
ovei the web browser environment extra functionality such as a pop up mouse driven 
keyboard can be included. It may be possible to monitor the movement of the mouse so 
the keyboard layout can be randomised to prevent playing back of the mouse movements 
at a later date to find the keys clicked on. 

Following on from this, the downloaded web browser may be modified to match 
partculariy requirements such as from an Internet bank whilst still using Internet and web 
technologies. This would be a variation on the original idea but still use the security and 
privacy concepts. 

In ai alternative embodiment, a server side web browser is run with the display echoed to 
the local terminal. The terminal software will still require many of the features of a web 
broker such as supporting pull down menus, secure socket layers etc so this is simply 
abstracting where some of the functionality lies but still preserving the concept of not 
storing information localiy. In detail, the user downloads a Java applet- This Java applet 
is s milar to the web browser applet in that it is securely written to not require access to 
the hard disk and to not cache information. This Java applet communicates with a web 
browser-like process running on a server. Each key press or mouse movement is send to 
this web browser process. The process interprets these actions within the context of a 
wet browser. For example, if -the user types in http://www.bbaco.uk in the Java applet, 
this text is sent to the server, the server will input the text to it's web browser process and 
retreve the web page. The web page is then sent in a graphical format (i.e. not HTML) to 
the Java applet which displays it. As the graphical image is sent to the Java applet and 
not the main web browser (i.e. Internet Explorer) no caching of the image will occur. 
Furthermore, as the URL http://www,bbc.co.uk was typed in the Java applet and not 
Internet Explorer it also will not be cached. For example: 
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1) user A enters an Internet Cafe and is allocated a PC to use. 

2) User A visit a web site where they can download a Java applet. For example, ttiey 
type http://www.javaapplet.com into the web browser (e.g. Internet Explorer). This 
URL is stored by the web browser. 

3) Internet Explorer downloads the Java applet and runs it, displaying the applet within 
the main Internet Explorer window. This applet is stored to hard disk by Internet 

4) User* a' wants to buy a book from Amazon.com so the user types 
http://www.amazon.com into the Java applet. 

5) The Java applet sends these key presses to the Java browser server 

6) The Java browser server retrieves the web page, formats it graphically and sends it 
to the Java applet 

7) The Java applet displays the graphic. This graphic is not stored to hart disk 

8) User A types in their usemame and password to access their account. This 
information is sent via the Java browser server. The usemame and password is not 
stored. ^ . ... 

9) User A chooses a book and goes to the check out page. They type in their credit 
card details and click finish. The credit details details and mouse click are sent to the 
Java browser server. The credit card details are not stored. 

10) User A finishes their web browsing and leaves the Internet Cafe. 

1 1 ) User B enters the Internet Cafe and is allocated the same PC - 

1 2) Browsing the harddisk they find all of the information stored by User A. 

13) User B finds user A visited http.//www.javaapplet.com and downloaded a Java 
applet This is the only information they can find- 

Thus embodiments of the invention allow a user to access the Internet fronv a ipublic 
terminal in a secure and private manner to allow the user to view sensitive informaton 
suci as bank details or email. The method is not dependant on the security and pmacy ot 
the public terminal itself thus providing a self contained security and privacy solution. 

The- above examples make use of a Java applet. This is exemplary only and JT will be 
appreciated that other downloadable applications may be configured to perform the 
fumition of the applets described above. 

CLAIMS 

1 A method of enhancing data security at a terminal connected to a public data 
network, the method comprising; transmitting over the network from the terminal to a 
server a request for a network communications programme stored on the server to 
be downloaded to the terminal, receiving the communications programme at me 
terminal and running the communications programme at the terminal, wherein i the 
communications programme is configured so that data received as ^r input at he 
terminal by the programme for transmission into the network is transmitted into the 
network without a record of the data being stored at the terminal or that user 
requested data received at the terminal by the programme from the network is 
presented to the user without a record of the data being stored at the terminal. 
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